{"id":24176499,"url":"https://github.com/valyentdev/ikto","last_synced_at":"2025-04-08T23:45:01.438Z","repository":{"id":257823212,"uuid":"871127173","full_name":"valyentdev/ikto","owner":"valyentdev","description":"Ikto is a NATS based Wireguard mesh network builder.","archived":false,"fork":false,"pushed_at":"2024-10-11T22:01:02.000Z","size":32,"stargazers_count":44,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-01-13T03:04:19.828Z","etag":null,"topics":["nats","wireguard"],"latest_commit_sha":null,"homepage":"https://valyent.cloud","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/valyentdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-11T10:22:59.000Z","updated_at":"2025-01-12T20:22:53.000Z","dependencies_parsed_at":"2024-10-12T17:06:58.923Z","dependency_job_id":null,"html_url":"https://github.com/valyentdev/ikto","commit_stats":null,"previous_names":["valyentdev/ikto"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valyentdev%2Fikto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valyentdev%2Fikto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valyentdev%2Fikto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/valyentdev%2Fikto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/valyentdev","download_url":"https://codeload.github.com/valyentdev/ikto/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247947820,"owners_count":21023058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nats","wireguard"],"created_at":"2025-01-13T03:01:53.891Z","updated_at":"2025-04-08T23:45:01.425Z","avatar_url":"https://github.com/valyentdev.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Ikto\n\nIkto is a wireguard mesh builder based on nats. The first Ikto goal is to be the building block of our micro-vm orchestrator, [Ravel](https://github.com/valyentdev/ravel), networking features.\n\n## Concepts\n\nIkto connects to a [NATS Jetstream](https://docs.nats.io/nats-concepts/jetstream) KV bucket and watch it. It update the local peer configuration and distant peers when changes are made on the KV bucket. In fact, the peer authentication is made via NATS. **If a node has an authenticated read-write access to the NATS cluster and the KV store, it can add himself to the mesh.**\nThis means that, for now, there is now central control plane for the mesh.\n\n### IPAM \nIt's important that each node get an unique IP address. Here are the steps that Ikto follow to reach this goal:\n1. Before starting ikto, you generate a random address with `ikto init`.\n2. When ikto start, it gets the value on the key `peers.{base64_encoded_peerIP}`.\n3. If a value already exist, it checks that the corresponding peer is himself (comparing the public keys) and update itself\n4. If not ikto fails because of the already in use address and you need to generate a new random IP (so Ikto will better work if you have a lot more available ip than nodes)\n5. If it doesn't exist, Ikto try to create a value [with optimistic locking ](https://docs.nats.io/nats-concepts/jetstream/key-value-store#atomic-operations-used-for-locking-and-concurrency-control)\n\nAs a consequence of nats concurrency control properties, duplicated addresses should never happend. \n\n\n## Getting started\n\n### Pre-requisites\n- An available NATS cluster (or just one nats-server)\n- Wireguard installed on each node\n\n\n### Installation\n\nYou can download the latest release from github releases:\n```bash\nwget https://github.com/valyentdev/ikto/releases/download/v0.3.0/ikto_0.3.0_linux_amd64.tar.gz\ntar -xvf ikto_0.3.0_linux_amd64.tar.gz\ncp ikto SOMEWHERE_IN_YOUR_PATH\n```\n\nWe'll provide an install script in the future.\n\n### Configuration\n\nOn each node, you can configure ikto:\n```bash\n$ ikto init \u003e ikto.json\n```\n\nFile generated:\n```json\n{\n  \"name\": \"\",\n  \"advertise_address\": \"\",\n  \"private_address\": \"fd10:2082:5bc1::\",\n  \"subnet_prefix\": 48,\n  \"mesh_cidr\": \"fd10::/16\",\n  \"wg_dev_name\": \"wg-ikto\",\n  \"wg_port\": 51820,\n  \"private_key_path\": \"\",\n  \"nats_creds\": \"\",\n  \"nats_url\": \"nats://\",\n  \"nats_kv\": \"ikto-mesh\"\n}\n```\n\nFinally you can run it:\n```bash\n$ ikto agent -c ikto.json\n```\n\n\nIkto listen on an unix socket by default on /tmp/ikto.sock \n```bash\n$ ikto agent -c ikto.json -s /var/run/ikto.sock\n```\n\n\n## Contributing\n\nYou can signal bugs or request a feature by opening an issue and/or a pull request on this repository. If you have any question you can join our [Discord](https://discord.valyent.dev/) where we are available almost every days. \n\n## License\n\n   Copyright 2024 SAS Valyent\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use these files except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvalyentdev%2Fikto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvalyentdev%2Fikto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvalyentdev%2Fikto/lists"}